Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard
|
|
- Eugenia Hodge
- 8 years ago
- Views:
Transcription
1 Symplified I: Windows User Identity Matthew McNew and Lex Hubbard
2 Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2 Non-functional Requirements 3 Use Cases 3 Design 4 Design Summary 4 SimpleIWA ASP.Net Web Page Design 5 Installer and Configuration Utility Design 6 UML Diagrams 8 Implementation Details and Results 10 Scope 12 Conclusions and Future Directions 12 Glossary 13 References 14 i
3 Abstract Single Sign On (SSO) allows users to access multiple services with only one login instead of having to repetitively enter their username and password at every prompt. SSO curtails phishing attempts, prevents password fatigue, and decreases calls to Information Technology (IT) Departments. This project involves enabling SSO through an Identity Router (IdR) that exists in a separate domain from Windows Active Directory. The company, Symplified, allows SSO to cloud applications through their IdR. The goal of this project is to create software that Symplified s clients can deploy. This software (referred to from here as SimpleIWA) authenticates Windows users from the client s Active Directory (AD) domain to the IdR that exists in a separate domain. SimpleIWA pulls user information from an Active Directory on a separate domain from Symplified s on site IdR. SimpleIWA installs an ASP.Net page that exists on a Windows Internet Information Services (IIS) server and processes requests using Integrated Windows Authentication (IWA). At the user s request, SimpleIWA pulls Windows user information from AD and a signed Security Access Markup Language (SAML) document is generated and sent to the IdR. This process is seamless without any user interaction and it is invisible to the user. SimpleIWA has to be deployed to client IIS servers. Therefore SimpleIWA is packaged for distribution with a configurable Visual Studio Installer. SimpleIWA has been tested and documented with different configurations. 1
4 Introduction to the Project Symplified provides its clients with an IdR that allows secure access to cloud applications through SSO. Symplifed s IdR, known as Single Point, authenticates users on the client s network through Active Directory. The current system requires that the IdR be in the same domain as the client s Active Directory and many of Symplified s clients would prefer to create a separate domain for the IdR. Project Description The solution was named SimpleIWA. With SimpleIWA, Symplifed s IdR redirects a user s browser to the SimpleIWA ASP.Net page on the client s IIS server. SimpleIWA utilizes IWA to identify the user s information. SimpleIWA pulls user attributes from Active Directory including the user s Username and any other attributes the client prefers to include in the response. Then SimpleIWA generates a SAML document with the user information and any additional attributes. Before submitting the document a configuration file is read that includes an Assertion Customer Service URL (ACS URL), a Relay State, and the location of the private key. The SAML document is signed with the private key and it is submitted through the user s browser to the ACS URL on the IdR. SimpleIWA is deployed using a Visual Studio Installer. The installer checks for IIS,.Net, and IWA. It offers links to tutorials and download pages if these requirements are not present on the current system. Once these requirements are confirmed, SimpleIWA Installer enables the correct.net version for the webpage to run under. The installer also requests information from the user. The first tab has fields for the requirements: an ACS URL, an Issuer, an Audience, and a Relay State. The second tab contains a check box list for LDAP fields to be pulled from AD for authentication. The last tab allows the user to provide the private key location. Requirements Specification Functional Requirements SimpleIWA must process user identity from IWA and create a SAML assertion that will be sent to an Identity Router. In addition SimpleIWA must be packaged allowing it to be easily distributed. Specific requirements include: Maintain the current system s SSO functionality Accept user browser requests Identify Active Directory users with IWA Require the user to log into Active Directory if the user identity cannot be provided by IWA Create a SAML assertion that verifies the user and provides other, to be determined attributes of that user 2
5 Send the SAML assertion to the IdR over HTTP Post Create an installer to install the product on different servers Allow the application to be configured in the installer Non-Functional Requirements Allow SimpleIWA to be deployed on any domain within the network Write SimpleIWA in C# with ASP.Net SimpleIWA must install and run on a Windows Server running IIS Architecture Diagram Use Cases SimpleIWA will allow a specific configuration: the client s Active Directory will be able to send user authentication to the IdR that Symplified provides while the IdR is in a separate domain. Installation 1. Display installation screen A. Prompt for Install i. Verify IWA, IIS, and ASP.Net a. Provide links and installation information ii. Enable most recent version of.net in IIS iii. Prompt for configuration information iv. Exit B. Prompt for Exit i. Exit 2. SimpleIWA is installed on Server waiting for requests Single Sign On Authentication 1. User logs on to Active Directory with username/password combination 2. User s browser requests SimpleIWA A. Software authenticates the user B. User is redirected to the intended location Authentication With User Not Logged into Active Directory. 1. User s browser requests SimpleIWA A. Software asks the user for username/password combination B. User logs in with Active Directory username/password combination c. User is redirected to the intended location 2. User enters incorrect username/password combination A. Software asks for username/password combination again 3
6 Design Design Summary SimpleIWA contains two distinct components. The first component is the Default ASP.NET webpage written in C# that generates the SAML assertion. The second component is the installer and configuration utility. The Default ASP.NET Web Page sets up the web page and calls the other processes when the page is loaded. The modules in this web page are outlined in Figure 1. Module A reads information on the ACS URL, relay state, and the location of the private key from a configuration file. Module B identifies the user and pulls information from Active Directory. Module C takes the user information from the first process and generates a signed and base 64 encoded SAML Assertion. The default ASP.NET webpage sends the assertion and relay state over HTTP POST to the ACS URL. The installer installs and configures the application for IIS. The modules of the installer are described in Figure 2. A Visual Studio Installer project is used to install the application and detect dependencies. The installer utilizes a C# Custom Action to configure and setup the application. This Custom Action can also be separated into modules. Write Modules. Modules: Configure IIS, Config Form, 4
7 ASP.NET Web Page Design Figure 1. The Components of SimpleIWA Default ASP.NET Web Page The Default ASP.NET Web Page is called on the server. This web page specifies an XHTML Splash Screen for the user. The Page Load function calls the Read Configuration Module to load the SimpleIWA configuration and the Determine User Information from Active Directory Module to identify user information. Using this information, a SAML assertion is created with the Generate SAML Assertion Module. Then an XHTML form that has two attributes is created. One attribute is the RelayState. The other attribute is the Base 64 encoded SAML document. Javascript is used to automatically submit the form to the ACS URL. The Relay State and the ACS URL are obtained from the Configuration File. Module A - Read Configuration There is an XML configuration file in the root of the ASP.Net application. This module reads the configuration file and obtains important configuration details for other components. Existing.Net XML serialization libraries are used to read and parse the file. The configuration file contains five unique fields. One field describes the ACS URL which is where SimpleIWA submits the SAML assertion. Another field describes the relay state of application. This field is also used when the SAML assertion is submitted and redirects the browser. Another field 5
8 describes the location of the private key. This configuration detail is used when the SAML assertion is digitally signed in the Generate SAML Assertion module. A field describes the Issuer which informs the IdR of the SAML Assertion origin. And another field describes the NameID which is the format of the username. Module B - Determine User information from Active Directory SimpleIWA pulls user information from Active Directory. The information pulled includes the user s login name and any information Symplified would like to use to authenticate that user to the IdR. The required attributes to pull from Active Directory are specified in the configuration file. SimpleIWA pulls these fields from LDAP (Lightweight Directory Access Protocol) using a modular function on each requested field. In addition to the user s login, SimpleIWA is able to authenticate the user by pulling their information from AD such as the full name, address, memberships, etc. Module C - Generate SAML Assertion The SAML assertion is generated with the user information that is provided by Active Directory in Module B. To generate the SAML document, existing Code Project libraries were modified to reduce unnecessary work. Given attributes, a SAML XML document of type XmlDocument in System.Xml is generated. The private key is read and opened. Existing libraries in System.Xml.Cryptography are used to generate a digital signature with the private key. Then the XML document and the Signature are Base 64 bit encoded. The product of this operation is used by the ASP.NET webpage to submit the SAML Assertion. 6
9 Installer and Configuration Utility Design Figure 2 The Components of the SimpleIWA Installer Virtual Studio Installer The Virtual Studio Installer is configured using the Virtual Studio Interface. The installer checks for dependencies by querying the Windows Registry for the required registry entries. If a dependency is missing, instructions are provided on how to install the necessary dependency. A branded interface in the installer allows the user to configure where SimpleIWA will be installed and which AppPool to use on IIS. After these preliminary configuration details have been set up SimpleIWA is installed at the specified path. At the end of the install process a Custom Action is executed. This Custom Action configures the system and provides a User Interface to configure the SimpleIWA configuration file. This Custom Action is described in greater detail below in three different processes. 7
10 Process A - Configure the System for SimpleIWA At first, the Custom Action configures the System for SimpleIWA. This is done by identifying the version of IIS on which the installation is being performed. On IIS 6 dynamic content is enabled. On IIS 7 ISAPI restrictions are removed. On all platforms the correct version of.net is set on the AppPool running SimpleIWA. In addition, Windows Authentication is enabled in IIS and the Network Service user account is given write permissions to the Windows Temp Directory. Process B - Configuration Interface A tabbed Windows Form is displayed to provide an interface to configure the SimpleIWA configuration file. The interface allows users to specify the ACS URL, the Relay State, the Audience, the Issuer, and the SAML Subject. A different tab allows the users to specify which Active Directory attributes to include in the SAML assertion. A third tab allows users to choose a Certificate containing a private key with a file section dialog. The file selection dialog runs on a separate thread from the installer. When the form is submitted, Process C takes place and the Configuration File is Generated Process C - Generate Configuration File The configuration file is generated using the C# XML serialization library. Each field of the form is read and added to the XML document as an element of the appropriate type. Each Active Directory attribute from the checkbox list is used as a key to find the appropriate LDAP attribute value in the LDAP dictionary inside of the Windows Form. The location of the private key is requested and both the key and the configuration file are added to SimpleIWA s installation location. UML Diagrams Two simplified UML diagrams are shown below. The diagram, in Figure 3 illustrates the different modules in the SimpleIWA ASP.NET webpage. The user s web browser is directed to the Default WebPage. When this happens the Page_Load function is executed. This function initializes and utilizes the other classes as described in detail above. The ConfigFile class is used to obtain configuration attributes. The UserInfo class is utilized to obtain IWA user identity information. The SamlBuilder class is used to generate a SAML assertion. 8
11 Figure 3 UML Diagram for the SimpleIWA ASP.NET webpage Figure 4 illustrates the basic design of the SimpleIWA Installer Custom Action. The Custom Action class is used by the Visual Studio Installer. At the end of the install process the Installer function is executed. This function configures the System for the SimpleIWA application. The function also initializes a ConfigForm that allows the user to configure SimpleIWA. The ConfigForm class uses the ConfigWriter to write the SimpleIWA configuration file. Figure 4 UML Diagram for the SimpleIWA Installer Custom Action 9
12 Implementation Details and Results SimpleIWA was written in Visual Studio 2010 using C# and ASP.Net. Windows IIS uses virtual directories that run ASP.Net web pages and there was quite a lot of functionality for SimpleIWA s requirements already existing in Visual Studio C#. The configuration file follows an XML schema. This was a natural choice for the configuration file because it follows the pattern of other IIS and ASP.NET configuration files. In addition, SimpleIWA is required to produce a SAML Assertion, a protocol that is based on XML. SimpleIWA utilizes a modified SAML Library written in C# and provided by The Code Project Open License. A library was used to generate SAML to avoid rewriting publicly available code. This library was chosen because it was well documented. In addition, the simplicity of the library allowed it to be modified and integrated into SimpleIWA. The private key file chooser dialog in the configuration utility runs on a separate thread from the installer thread. This is because the Windows OpenFileDialog class is required to run on a thread with a single threaded apartment state. The installer thread does not satisfy this requirement. A separate thread is created to use the Windows class and provide familiar functionality to the user. Windows Installer XML (WIX) was considered as the basis for SimpleIWA s installer, but after research, it was determined that the learning curve for WIX would be too steep. Ultimately, A Visual Studio Installer fit the scope of the project. A Visual Studio Installer is not as powerful as using a WIX installer. However, it offers a complete ASP.NET installer that can be configured with Custom Actions to add additional functionality. This additional functionality was essential to allow SimpleIWA to be configured in the install process. Integration Testing SimpleIWA was tested with six different Active Directory servers. The servers were running on different versions of Windows and had different releases of IIS. In addition SimpleIWA was tested with Symplified s Single Point Studio Software. SimpleIWA works smoothly in all the different testing environments. Many of the different testing environments have different dependencies. The SimpleIWA installer identifies when these dependencies are missing and provides instructions to install them. The SimpleIWA application requires.net version 4. IIS is also required. However, only IIS versions 6 and 7 have been tested. During the installer the AppPool and the virtual directory are specified. The installer will enable dynamic content on the specified AppPool. When using IIS 7 a few different role services are required. The Windows Authentication role service and 10
13 compatibility components role service must be installed. When these dependencies are not installed the installer provides instructions on how to install them. Servers SimpleIWA Installer and SimpleIWA functionality were tested on the following servers through a Remote Desktop Connection. Windows 2003 DC with IIS 6.0 (testlified.com) VNC beavis.bdr.symplified.net:5922 Windows 2003 DC with IIS 6.0 (symp.testlified.com) VNC beavis.bdr.symplified.net:5929 Windows 2008 DC with IIS 7.0 (symplified.sqa) VNC beavis.bdr.symplified.net:5915 Windows 2008 DC with IIS 7.0 (qa1.symplified.sqa) VNC beavis.bdr.symplified.net:5917 Windows 2008 DC with IIS 7.0 (qa1.symplified.sqa) VNC beavis.bdr.symplified.net:5954 Windows 2008 DC with IIS 7.0 (topherific.com) Remote Desktop Clients SimpleIWA functionality was tested with the following clients through a VNC connection. Windows Vista Business VNC beavis.bdr.symplified.net:5950 Windows 7 Professional VNC beavis.bdr.symplified.net:5964 Windows XP Proffessional VNC beavis.bdr.symplified.net:5938 Windows 7 Professional Remote Desktop
14 Scope and Project Progression SSO functionality was required. Using IWA to verify Active Directory users was required. SimpleIWA had to create a SAML assertion that would allow the IdR to verify a user s access to cloud applications. The IdR had to be able to do this from a separate domain than the client s Active Directory domain. Clients had to be able to deploy SimpleIWA on any domain in their network. Symplified required an installation UI for SimpleIWA. Ultimately, time allowed for this to fall into the scope of this project. SimpleIWA met all of the goals that Symplified set out for it to accomplish. One of the main aspects of SimpleIWA was creating an application that would make it easier for Symplified s clients to obtain the functionality they desired through Symplified s service. With that in mind, additional functionality was added to the product to make it more user friendly, especially with the installation. SimpleIWA deals with IIS in a user friendly way by providing helpful links and installing necessary components itself. It also reconfigures IIS on its own to make the experience as automated as possible for the client administrators. In addition, SimpleIWA is very easy to reconfigure. The configuration form can be opened and resubmitted at any time after SimpleIWA is installed. Conclusion SimpleIWA is a product with massive potential to simplify SSO tasks for users operating on Windows Networks. The software has been demonstrated to Symplified s Development and Marketing Team. These employees are very excited to bring the product to Symplified s clients. Some desired functionality was outside of the scope of the project. It would be beneficial for SimpleIWA to log access requests to enable more effective system maintenance. In addition a more portable installer could be created using WIX. This installer could have greater functionality and be easily expanded to different versions of Windows and IIS. Even without the functionality that was outside the project scope, SimpleIWA development used many different and useful technologies. We realized that Visual Studio can be used to collaborate multidimensional products. We learned that SAML has a wide range of useful functionalities that can be utilized in many Internet applications to provide an easier method of authentication. Finally, we discovered that free fall design techniques are difficult to work this and pursuing an agile philosophy can speed up and enhance development. 12
15 Glossary Active Directory (AD) - Created by Microsoft, provides many services to a network, a central service for administrators to reside over a network and provide security Active Server Pages (ASP) - A server side script engine for dynamically generated web applications ASP.Net - Web application framework for building web applications Assertion Consumer Service URL (ACS URL) - The location where the SAML assertion is sent, the Service Provider s authentication location Extensible Markup Language (XML) - A protocol for creating documents that are easily read by machines HTTP (Hypertext Transfer Protocol) - A networking protocol and the basis for the Worldwide Web HTTP POST - An HTTP request method that allows for an arbitrary length of data Identity Provider (IDP) - A service that registers URL identities and provides authentication Identity Router (IdR) - A device that allows internal network identities to be associated with external network identities Internet Information Services (IIS) - Web server application by Microsoft. Administration Pack adds ASP.Net authorization Integrated Windows Authentication (IWA) - Allows automatic authentication between Active Directory aware applications LDAP (Lightweight Directory Access Protocol) - A network directory protocol for accessing and editing information over TCP/IP Security Assertion Markup Language (SAML) - An XML based publicly available standard for authenticating across domains between an Identity Provider which provides assertions and a Service Provider which consumes them Service Provider (SP) - An entity that provides a service, a business that provides a server (either hardware or virtual), an entity that hosts a web application Single Sign On (SSO) - The ability for a system to verify a user to multiple resources with only one prompt for a username/password combination Software as a Service (SaaS) - A software delivery model where software is hosted on the internet (cloud) and accessed by users, typically through a web browser Uniform Resource Locator (URL) - A Uniform Resource Identifier with a location and instructions on how to get to that location, is an example of a URL Windows Installer XML (WIX) - Free software that builds Windows Installers (.msi) from XML documents 13
16 References Speight, David W. Performing a SAML Post with C#. The Code Project. March 8, May 19, < 14
Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
More informationGetting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign- on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationThis Deployment Guide is intended for administrators in charge of planning, implementing and
YOUR AUTOMATED EMPLOYEE Foxtrot Deployment Guide Enterprise Edition Introduction This Deployment Guide is intended for administrators in charge of planning, implementing and maintaining the deployment
More informationPingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1
PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity
More informationTo set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationTeam Foundation Server 2010, Visual Studio Ultimate 2010, Team Build 2010, & Lab Management Beta 2 Installation Guide
Page 1 of 243 Team Foundation Server 2010, Visual Studio Ultimate 2010, Team Build 2010, & Lab Management Beta 2 Installation Guide (This is an alpha version of Benjamin Day Consulting, Inc. s installation
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationThe increasing popularity of mobile devices is rapidly changing how and where we
Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to
More informationSAML Authentication Quick Start Guide
SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.
More informationNTP Software File Auditor for Windows Edition
NTP Software File Auditor for Windows Edition An NTP Software Installation Guide Abstract This guide provides a short introduction to installation and initial configuration of NTP Software File Auditor
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationTo install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server 2008.
Znode Multifront - Installation Guide Version 6.2 1 System Requirements To install Multifront you need to have familiarity with Internet Information Services (IIS), Microsoft.NET Framework and SQL Server
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationKaseya Server Instal ation User Guide June 6, 2008
Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's
More informationSecurity Assertion Markup Language (SAML) Site Manager Setup
Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and
More informationIntroduction to Directory Services
Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationMicrosoft Office 365 Using SAML Integration Guide
Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationEgnyte Single Sign-On (SSO) Installation for OneLogin
Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin
More informationNSi Mobile Installation Guide. Version 6.2
NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...
More informationCloud Services ADM. Agent Deployment Guide
Cloud Services ADM Agent Deployment Guide 10/15/2014 CONTENTS System Requirements... 1 Hardware Requirements... 1 Installation... 2 SQL Connection... 4 AD Mgmt Agent... 5 MMC... 7 Service... 8 License
More informationStruxureWare Power Monitoring 7.0.1
StruxureWare Power Monitoring 7.0.1 Installation Guide 7EN02-0308-01 07/2012 Contents Safety information 5 Introduction 7 Summary of topics in this guide 7 Supported operating systems and SQL Server editions
More informationInternet Information Services Integration Kit. Version 2.4. User Guide
Internet Information Services Integration Kit Version 2.4 User Guide 2014 Ping Identity Corporation. All rights reserved. PingFederate Internet Information Services User Guide Version 2.4 June, 2014 Ping
More informationHP Software as a Service. Federated SSO Guide
HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationCloud Authentication. Getting Started Guide. Version 2.1.0.06
Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
More informationintertrax Suite resource MGR Web
intertrax Suite resource MGR Web Resource Management Installation Guide Version 4 2012 Copyright 2003-2012 by Salamander Technologies, Inc. Protected by US Patents 5,573,278; 5,596,652; 5,793,882; 6,761,312;
More informationCONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER
UMANTIS CLOUD SSO CONFIGURATION GUIDE WITH MICROSOFT ACTIVE DIRECTORY FEDERATION SERVER THIS DOCUMENT DESCRIBES THE REQUIREMENTS TO SETUP A SINGLE SIGN ON (SSO) CONFIGURATION ON UMANTIS CLOUD BASED SOLUTIONS
More informationSAM Context-Based Authentication Using Juniper SA Integration Guide
SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationAn overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)
Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationINUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE
INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user
More informationOkta/Dropbox Active Directory Integration Guide
Okta/Dropbox Active Directory Integration Guide Okta Inc. 301 Brannan Street, 3rd Floor San Francisco CA, 94107 info@okta.com 1-888- 722-7871 1 Table of Contents 1 Okta Directory Integration Edition for
More informationEnabling Kerberos SSO in IBM Cognos Express on Windows Server 2008
Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials
More informationConfiguring EPM System 11.1.2.1 for SAML2-based Federation Services SSO
Configuring EPM System 11.1.2.1 for SAML2-based Federation Services SSO Scope... 2 Prerequisites Tasks... 2 Procedure... 2 Step 1: Configure EPM s WebLogic domain for SP Federation Services... 2 Step 2:
More informationCopyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and
More informationINTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by
More informationWebSpy Vantage Ultimate 2.2 Web Module Administrators Guide
WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide This document is intended to help you get started using WebSpy Vantage Ultimate and the Web Module. For more detailed information, please see
More informationIssue Tracking Anywhere Installation Guide
TM Issue Tracking Anywhere Installation Guide The leading developer of version control and issue tracking software Table of Contents Introduction...3 Installation Guide...3 Installation Prerequisites...3
More informationHow To Use Saml 2.0 Single Sign On With Qualysguard
QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,
More informationPaperSave IT Prerequisites for Blackbaud s The Financial Edge
PaperSave IT Prerequisites for Blackbaud s The Financial Edge 1001 Brickell Bay Drive, 9 th floor Miami FL, 33131 305-373-5500 http://www.satmba.com Table of Contents Introduction to PaperSave...3 PaperSave
More informationJOSSO 2.4. Internet Information Server (IIS) Tutorial
JOSSO 2.4 Internet Information Server (IIS) Tutorial JOSSO 2.4 : Internet Information Server (IIS) Tutorial 1. Introduction... 1 2. Prerequisites... 2 3. Defining Identity Appliance Elements... 3 3.1.
More informationSalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy
SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House
More informationHP Software as a Service
HP Software as a Service Software Version: 6.1 Federated SSO Document Release Date: August 2013 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty
More informationSAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.
Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori
More informationSAP NetWeaver AS Java
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
More informationComo configurar o IIS Server para ACTi NVR Enterprise
Como configurar o IIS Server para 20101/1/26 NVR is a Windows based video surveillance software that requires Microsoft IIS (Internet Information Services) 6 or above to operate properly. If you already
More informationEgnyte Single Sign-On (SSO) Installation for Okta
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for Okta To set up Egnyte so employees can log in using SSO, follow the steps below to configure Okta and Egnyte to work with each other.
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More informationSage 300 ERP 2012. Sage CRM 7.1 Integration Guide
Sage 300 ERP 2012 Sage CRM 7.1 Integration Guide This is a publication of Sage Software, Inc. Version 2012 Copyright 2012. Sage Software, Inc. All rights reserved. Sage, the Sage logos, and the Sage product
More informationConnected Data. Connected Data requirements for SSO
Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated
More informationCloud Portal for imagerunner ADVANCE
Cloud Portal for imagerunner ADVANCE User's Guide Please read this guide before operating this product. After you finish reading this guide, store it in a safe place for future reference. ENG How This
More informationSAML Authentication with BlackShield Cloud
SAML Authentication with BlackShield Cloud Powerful Authentication Management for Service Providers and Enterprises Version 3.1 Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCARD
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationHow to Install and Setup IIS Server
How to Install and Setup IIS Server 2010/9/16 NVR is a Windows based video surveillance software that requires Microsoft IIS (Internet Information Services) to operate properly. If you already have your
More informationXIA Configuration Server
XIA Configuration Server XIA Configuration Server v7 Installation Quick Start Guide Monday, 05 January 2015 1 P a g e X I A C o n f i g u r a t i o n S e r v e r Contents Requirements... 3 XIA Configuration
More informationSAML application scripting guide
Chapter 151 SAML application scripting guide You can use the generic SAML application template (described in Creating a custom SAML application profile) to add a SAML-enabled web application to the app
More informationNetWrix USB Blocker Version 3.6 Quick Start Guide
NetWrix USB Blocker Version 3.6 Quick Start Guide Table of Contents 1. Introduction...3 1.1. What is NetWrix USB Blocker?...3 1.2. Product Architecture...3 2. Licensing...4 3. Getting Started...5 3.1.
More informationWeb Deployment on Windows 2012 Server. Updated: August 28, 2013
Web Deployment on Windows 2012 Server Updated: August 28, 2013 Table of Contents Install IIS on Windows 2012... 3 Install Sage 300 ERP...16 Create Web Deployment User...17 Sage 300 ERP Services...22 Web
More informationNovaBACKUP xsp Version 15.0 Upgrade Guide
NovaBACKUP xsp Version 15.0 Upgrade Guide NovaStor / November 2013 2013 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject
More informationContents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7
Directory Connector SonicWALL Directory Services Connector 3.1.7 Contents Platform Compatibility... 1 New Features... 2 Known Issues... 3 Resolved Issues... 4 Overview... 7 About SonicWALL Single Sign-On
More informationTIBCO Spotfire Metrics Prerequisites and Installation
TIBCO Spotfire Metrics Prerequisites and Installation Software Release 6.0 November 2013 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF
More informationHOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services
1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationConfiguring. Moodle. Chapter 82
Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare
More informationPro-Watch Software Suite Installation Guide. 2013 Honeywell Release 4.1
Pro-Watch Software Suite Release 4.1 Installation Guide Document 7-901073V2 Pro-Watch Software Suite Installation Guide 2013 Honeywell Release 4.1 Copyright 2013 Honeywell. All rights reserved. Pro-Watch
More informationHOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION
HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION Version 1.1 / Last updated November 2012 INTRODUCTION The Cloud Link for Windows client software is packaged as an MSI (Microsoft Installer)
More informationDesktop Surveillance Help
Desktop Surveillance Help Table of Contents About... 9 What s New... 10 System Requirements... 11 Updating from Desktop Surveillance 2.6 to Desktop Surveillance 3.2... 13 Program Structure... 14 Getting
More informationPingFederate. IWA Integration Kit. User Guide. Version 3.0
PingFederate IWA Integration Kit Version 3.0 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate IWA Integration Kit User Guide Version 3.0 April, 2012 Ping Identity Corporation
More information1 (11) Paperiton DMS Document Management System System Requirements Release: 2012/04 2012-04-16
1 (11) Paperiton DMS Document Management System System Requirements Release: 2012/04 2012-04-16 2 (11) 1. This document describes the technical system requirements for Paperiton DMS Document Management
More informationInstallation & Configuration Guide
Installation & Configuration Guide Bluebeam Studio Enterprise ( Software ) 2014 Bluebeam Software, Inc. All Rights Reserved. Patents Pending in the U.S. and/or other countries. Bluebeam and Revu are trademarks
More informationAllidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications
Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications
More informationInstallation Guide v3.0
Installation Guide v3.0 Shepherd TimeClock 4465 W. Gandy Blvd. Suite 800 Tampa, FL 33611 Phone: 813-882-8292 Fax: 813-839-7829 http://www.shepherdtimeclock.com The information contained in this document
More informationConfiguring.NET based Applications in Internet Information Server to use Virtual Clocks from Time Machine
Configuring.NET based Applications in Internet Information Server to use Virtual Clocks from Time Machine System Details: The development & deployment for this documentation was performed on the following:
More informationSetting Up a Unisphere Management Station for the VNX Series P/N 300-011-796 Revision A01 January 5, 2010
Setting Up a Unisphere Management Station for the VNX Series P/N 300-011-796 Revision A01 January 5, 2010 This document describes the different types of Unisphere management stations and tells how to install
More informationAn overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)
Chapter 190 WebEx This chapter includes the following sections: "An overview of configuring WebEx for single sign-on" on page 190-1600 "Configuring WebEx for SSO" on page 190-1601 "Configuring WebEx in
More informationLeveraging SAML for Federated Single Sign-on:
Leveraging SAML for Federated Single Sign-on: Seamless Integration with Web-based Applications whether cloudbased, private, on-premise, or behind a firewall Single Sign-on Layer v.3.2-006 PistolStar, Inc.
More informationVersion 3.8. Installation Guide
Version 3.8 Installation Guide Copyright 2007 Jetro Platforms, Ltd. All rights reserved. This document is being furnished by Jetro Platforms for information purposes only to licensed users of the Jetro
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationEylean server deployment guide
Eylean server deployment guide Contents 1 Minimum software and hardware requirements... 2 2 Setting up the server using Eylean.Server.Setup.exe wizard... 2 3 Manual setup with Windows authentication -
More informationInstallation and Deployment
Installation and Deployment Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Installation and Deployment SmarterStats
More informationInstallation Instruction STATISTICA Enterprise Server
Installation Instruction STATISTICA Enterprise Server Notes: ❶ The installation of STATISTICA Enterprise Server entails two parts: a) a server installation, and b) workstation installations on each of
More informationSAML 2.0 SSO Deployment with Okta
SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment
More informationReference and Troubleshooting: FTP, IIS, and Firewall Information
APPENDIXC Reference and Troubleshooting: FTP, IIS, and Firewall Information Although Cisco VXC Manager automatically installs and configures everything you need for use with respect to FTP, IIS, and the
More informationDeploying System Center 2012 R2 Configuration Manager
Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
More informationOutDisk 4.0 FTP FTP for Email Users using Microsoft Windows and/or Microsoft Outlook. 5/1/2012 2012 Encryptomatic LLC www.encryptomatic.
OutDisk 4.0 FTP FTP for Email Users using Microsoft Windows and/or Microsoft Outlook 5/1/2012 2012 Encryptomatic LLC www.encryptomatic.com Contents What is OutDisk?... 3 OutDisk Requirements... 3 How Does
More informationManual for configuring NIC VPN in Windows OS
Manual for configuring NIC VPN in Windows OS NIC is introducing a new web based VPN interface to allow s to connect to NICNET through VPN. Apart from existing Client based VPN service, this new interface
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationXenDesktop Implementation Guide
Consulting Solutions WHITE PAPER Citrix XenDesktop XenDesktop Implementation Guide Pooled Desktops (Local and Remote) www.citrix.com Contents Contents... 2 Overview... 4 Initial Architecture... 5 Installation
More informationAd Hoc Transfer Plug-in for Outlook Installation Guide
IPSWITCH TECHNICAL BRIEF Ad Hoc Transfer Plug-in for Outlook Installation Guide In This Document Installing the Ad Hoc Transfer Plug-in for Outlook...1 Silent Install for Ad Hoc Transfer Plug-in for Outlook...3
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationQuick Start Guide. User Manual. 1 March 2012
Quick Start Guide User Manual 1 March 2012 This document outlines the steps to install SAMLite system into a single box of server and configure it to run for passive collection (domain login script). This
More informationEgnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)
w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,
More informationBuilding Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
More informationConfiguring Sponsor Authentication
CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five
More informationPro-Watch Software Suite Installation Guide. 2011 Honeywell Release 3.81
Pro-Watch Software Suite Release 3.81 Installation Guide Document 7-901073, Revision C Pro-Watch Software Suite Installation Guide 2011 Honeywell Release 3.81 Copyright 2011 Honeywell. All rights reserved.
More informationActive Directory Management. Agent Deployment Guide
Active Directory Management Agent Deployment Guide Document Revision Date: June 12, 2014 Active Directory Management Deployment Guide i Contents System Requirements...1 Hardware Requirements...1 Installation...3
More informationMigrating helpdesk to a new server
Migrating helpdesk to a new server Table of Contents 1. Helpdesk Migration... 2 Configure Virtual Web on IIS 6 Windows 2003 Server:... 2 Role Services required on IIS 7 Windows 2008 / 2012 Server:... 2
More information